# -- Plugin to find vulnerabilities, misconfigurations, secrets, SBOM and more.
# ref: https://woodpecker-ci.org/plugins/Trivy

variables:
  - &trivy_plugin aquasec/trivy:latest

when:
  - event: [ push ]
    path:
      exclude: ['doc/**', 'mkdocs.yml']
    branch: [ v2 ]
  - event: [ tag, release, manual ]

steps:
  trivy:
    image: *trivy_plugin
    commands:
      # use any trivy command, if exit code is 0 woodpecker marks it as passed, else it assumes it failed
      - trivy fs --exit-code 1 --skip-dirs doc/ --severity MEDIUM,HIGH,CRITICAL .
